Comment 11 for bug 1026852

After speaking with infinity, mdeslaur, and jdstrand, we've decided to *not* split the audit package into an audit daemon with networking support and another without. Instead, we've decided to disable network listener support in the existing auditd binary package.

If we have a large number of users who depend on the auditd network listener support, then we may try to get the split package layout upstream in Debian and then merge that back into Ubuntu. However, I do not believe that the centralized logging functionality in auditd is widely used.

This approach provides a nice balance of security and maintainability, while not confusing users with multiple auditd binary packages.

Here's the debdiff to disable the network listener and remove libwrap and libev as build dependencies. Please see the changelog for more details. I've successfully tested auditd and some of the auditd tools with this debdiff applied.